On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability.
Mitigation:
all users should upgrade to 2.1.4
Metrics
Affected Vendors & Products
References
History
Tue, 10 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache streampark |
|
CPEs | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache streampark |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-07-18T11:15:56.706Z
Updated: 2024-08-02T01:10:54.085Z
Reserved: 2024-03-18T16:34:46.011Z
Link: CVE-2024-29178
Vulnrichment
Updated: 2024-08-02T01:10:54.085Z
NVD
Status : Modified
Published: 2024-07-18T12:15:02.960
Modified: 2024-11-21T09:07:44.080
Link: CVE-2024-29178
Redhat
No data.